package priv.mill.security.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 1
 * 继承WebSecurityConfigurerAdapter
 * 并且标记@EnableWebSecurity注解可以让本权限控制类生效
 * 2
 * @Configuration 相当与 @Component 可以让本权限类加入IOC容器
 * 
 * @EnableGlobalMethodSecurity说明
 * 
 * 	3.1、@EnableGlobalMethodSecurity(securedEnabled=true) 开启@Secured 注解过滤权限
	3.2、@EnableGlobalMethodSecurity(jsr250Enabled=true)  开启@RolesAllowed 注解过滤权限 
	3.3、@EnableGlobalMethodSecurity(prePostEnabled=true) 使用表达式时间方法级别的安全性 4个注解可用
		 * 	- @PreAuthorize 在方法调用之前,基于表达式的计算结果来限制对方法的访问
			- @PostAuthorize 允许方法调用,但是如果表达式计算结果为false,将抛出一个安全性异常
			- @PostFilter 允许方法调用,但必须按照表达式来过滤方法的结果
			- @PreFilter 允许方法调用,但必须在进入方法之前过滤输入值
 * 
 * @author mill
 *
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class MillSecurityConfigAdapter extends WebSecurityConfigurerAdapter{

	/**
	 * 身份验证管理生成器
	 * 给一些默认的用户配置
	 */
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//		super.configure(auth);
		auth.inMemoryAuthentication()
			.withUser("root")
			.password("123")
			.roles("USER")
		.and()
			.withUser("user")
			.password("user")
			.roles("USER")
		.and()
			.withUser("admin")
			.password("admin")
			.roles("ADMIN","USER");
	}

	/**
	 * WEB安全
	 */
	@Override
	public void configure(WebSecurity web) throws Exception {
		super.configure(web);
	}

	/**
	 * HTTP请求安全处理
	 */
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		super.configure(http);
	}

	
}
